Cryptographic Accumulators for Authenticated Hash Tables

Abstract

Hash tables are fundamental data structures that optimally answer membership queries. Suppose a client stores $n$ elements in a hash table that is outsourced at a remote server. Authenticating the hash table functionality, i.e., verifying the correctness of queries answered by the server and ensuring the integrity of the stored data, is crucial because the server, lying outside the administrative control of the client, can be malicious. We design efficient and secure protocols for optimally authenticating (non-)membership queries on hash tables, using cryptographic accumulators as our basic security primitive and applying them in a novel hierarchical way over the stored data. We provide the first construction for authenticating a hash table with \emph{constant query} cost and \emph{sublinear update} cost, strictly improving upon previous methods. Our first solution, based on the RSA accumulator, allows the server to provide a proof of integrity of the answer to a membership query in \emph{constant} time and supports updates in $O\left(n^{\epsilon}\log n\right)$ time for any fixed constant $0